Difference between pages "Training Courses and Providers" and "Windows 8"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
(Commercial Training (Non-Tool Vendor))
 
(External Links)
 
Line 1: Line 1:
This is the list of Training Providers, who offer training courses of interest to practitioners and researchers in the field of Digital Forensics.   Conferences which may include training are located on the [[Upcoming_events]] page.
+
Initially Windows 8 had a workstation and server edition. The server edition became Windows Server 2012.
  
<b>PLEASE READ BEFORE YOU EDIT THE LIST BELOW</b><br>
+
== New Features ==
Some training providers offer on-going training courses that are available in an on-line "any time" format. Others have regularly scheduled training that is the same time each month.  Others have recurring training but are scheduled at various times throughout the year. Providers training courses should be listed in alphabetical order, and should be listed in the appropriate section.  Non-Commercial training is typically offered by governmental agencies or organizations that directly support law enforcement.  Tool Vendor training is training offered directly by a specific tool vendor, which may apply broadly, but generally is oriented to the vendor's specific tool (or tool suite).  Commercial Training is training offered by commercial companies which may or may not be oriented to a specific tool/tool suite, but is offered by a company other than a tool vendor.
+
The following new features were introduced in Windows 8:
 +
* [[Windows File History | File History]]
 +
* [[Windows Storage Spaces | Storage Spaces]]
 +
* [[Search Charm History]]
  
<i>Some training opportunities may be <u>limited</u> to <b>Law Enforcement Only</b> or to a specific audience.  Such restrictions should be noted when known.</i>
+
== File System ==  
== On-going / Continuous Training ==
+
The file system used by Windows 8 is primarily [[NTFS]].
{| border="0" cellpadding="2" cellspacing="2" align="top"
+
|- style="background:#bfbfbf; font-weight: bold"
+
! width="40%"|Title
+
! width="20%"|Date/Location
+
! width="40%"|Website
+
|-
+
|- style="background:pink;align:left"
+
! DISTANCE LEARNING
+
|-
+
|Basic Computer Examiner Course - Computer Forensic Training Online
+
|Distance Learning Format
+
|http://www.cftco.com
+
|-
+
|Linux Data Forensics Training
+
|Distance Learning Format
+
|http://www.crazytrain.com/training.html
+
|-
+
|SANS On-Demand Training
+
|Distance Learning Format
+
|http://www.sans.org/ondemand/?portal=69456f95660ade45be29c00b0c14aea1
+
|-
+
|Champlain College - CCE Course
+
|Online / Distance Learning Format
+
|http://extra.champlain.edu/cps/wdc/alliances/cce/landing/
+
|-
+
|Las Positas College
+
|Online Computer Forensics Courses
+
|http://www.laspositascollege.edu
+
|-
+
|National Center for Media Forensics
+
|Distance and Concentrated Audio/Video/Image Forensics
+
|http://cam.ucdenver.edu/ncmf
+
|-
+
|- style="background:pink;align:left"
+
!RECURRING TRAINING
+
|-
+
|Evidence Recovery for Windows 7&reg; operating system;
+
|First full week every month<br>Brunswick, GA
+
|http://www.internetcrimes.net
+
|-
+
|Evidence Recovery for Windows 8&reg;
+
|Second full week every month<br>Brunswick, GA
+
|http://www.internetcrimes.net
+
|-
+
|Evidence Recovery for Windows Server&reg; 2008 and 2012
+
|Third full week every month<br>Brunswick, GA
+
|http://www.internetcrimes.net
+
|-
+
|}
+
  
==Non-Commercial Training==
+
The [[Resilient File System (ReFS)]] was initially available in the Windows 8 server edition but became part of Windows 2012 server edition.
{| border="0" cellpadding="2" cellspacing="2" align="top"
+
|- style="background:#bfbfbf; font-weight: bold"
+
! width="40%"|Title
+
! width="40%"|Website
+
! width="20%"|Limitation
+
|-
+
|Defense Cyber Investigations Training Academy (DCITA)
+
|http://www.dc3.mil/dcita/dcitaAbout.php
+
|Limited To Certain Roles within US Government Agencies[http://www.dc3.mil/dcita/dcitaRegistration.php (1)]
+
|-
+
|Federal Law Enforcement Training Center
+
|http://www.fletc.gov/training/programs/technical-operations-division
+
|Limited To Law Enforcement
+
|-
+
|MSU National Forensics Training Center
+
|http://www.security.cse.msstate.edu/ftc
+
|Limited To Law Enforcement
+
|-
+
|IACIS
+
|http://www.iacis.com/training/course_listings
+
|Limited To Law Enforcement and Affiliate Members of IACIS
+
|-
+
|SEARCH
+
|http://www.search.org/programs/hightech/courses/
+
|Limited To Law Enforcement
+
|-
+
|National White Collar Crime Center
+
|http://www.nw3c.org/ocr/courses_desc.cfm
+
|Limited To Law Enforcement
+
|-
+
|}
+
  
==Tool Vendor Training==
+
== Jump Lists ==
{| border="0" cellpadding="2" cellspacing="2" align="top"
+
[[Jump Lists]] are Task Bar artifacts that were first introduced on Windows 7 and are also available on Windows 8.
|- style="background:#bfbfbf; font-weight: bold"
+
! width="40%"|Title
+
! width="40%"|Website
+
! width="20%"|Limitation
+
|-
+
|AccessData (Forensic Tool Kit FTK)
+
|http://accessdata.com/training
+
|-
+
|ASR Data (SMART)
+
|http://www.asrdata.com/forensic-training/overview/
+
|-
+
|ATC-NY (P2P Marshal, Mac Marshal)
+
|http://p2pmarshal.atc-nycorp.com/index.php/training http://macmarshal.atc-nycorp.com/index.php/training
+
|-
+
|BlackBag Technologies (Mac Forensic Tools- BlackLight and SoftBlock)
+
|https://www.blackbagtech.com/training.html
+
|-
+
|Cellebrite (UFED)
+
|http://cellebrite.com/mobile-forensics-products/ufed-training.html
+
|-
+
|CPR Tools (Data Recovery)
+
|http://www.cprtools.net/training.php
+
|-
+
|Digital Intelligence (FRED Forensics Platform)
+
|http://www.digitalintelligence.com/forensictraining.php
+
|-
+
|e-fense, Inc. (Helix3 Pro)
+
|http://www.e-fense.com/training/index.php
+
|-
+
|Guidance Software (EnCase)
+
|http://www.guidancesoftware.com/computer-forensics-training-courses.htm
+
|-
+
|Micro Systemation (XRY)
+
|http://www.msab.com/training/schedule
+
|-
+
|Nuix (eDiscovery)
+
|http://www.nuix.com.au/eDiscovery.asp?active_page_id=147
+
|-
+
|Paraben (Paraben Suite)
+
|http://www.paraben-training.com/schedule.html
+
|-
+
|Software Analysis & Forensic Engineering (CodeSuite)
+
|http://www.safe-corp.biz/training.htm
+
|-
+
|Technology Pathways(ProDiscover)
+
|http://www.techpathways.com/DesktopDefault.aspx?tabindex=6&tabid=9
+
|-
+
|SubRosaSoft (MacForensicsLab)
+
|http://www.macforensicslab.com/ProductsAndServices/index.php?main_page=index&cPath=2
+
|-
+
|Volatility Labs (Volatility Framework)
+
|http://volatility-labs.blogspot.com/search/label/training
+
|-
+
|WetStone Technologies (Gargoyle, Stego Suite, LiveWire Investigator)
+
|https://www.wetstonetech.com/trainings.html
+
|-
+
|X-Ways Forensics (X-Ways Forensics)
+
|http://www.x-ways.net/training/
+
|-
+
|}
+
  
==Commercial Training (Non-Tool Vendor)==
+
== [[Prefetch]] ==
{| border="0" cellpadding="2" cellspacing="2" align="top"
+
The prefetch hash function is similar to [[Windows 2008]].
|- style="background:#bfbfbf; font-weight: bold"
+
 
! width="40%"|Title
+
The [[Windows Prefetch File Format]] was changed on Windows 8.1 to version 26. (note this could be Windows 8 as well but has not been confirmed)
! width="40%"|Website
+
 
! width="20%"|Limitation
+
== Registry ==
|-
+
The [[Windows_Registry|Windows Registry]] remains a core component of the Windows operating system.
|Applied Security (Digital Forensics Training)
+
 
|http://www.appliedsec.com/forensics/training.html
+
== Application Experience and Compatibility ==
|-
+
On Windows 8 Amcache.hve replaces RecentFileCache.bcf and uses the [[Windows NT Registry File (REGF)]] format. A common location for Amcache.hve is:
|BerlaCorp iOS and GPS Forensics Training
+
<pre>
|http://www.berlacorp.com/training.html
+
C:\Windows\AppCompat\Programs\Amcache.hve
|-
+
</pre>
|Computer Forensic Training Center Online (CFTCO)
+
 
|http://www.cftco.com/
+
== See Also ==
|-
+
* [[Windows]]
|CCE Bootcamp
+
* [[Windows Vista]]
|http://www.cce-bootcamp.com/
+
* [[Windows 7]]
|-
+
 
|Cyber Security Academy
+
== External Links ==
|http://www.cybersecurityacademy.com/
+
* [http://en.wikipedia.org/wiki/Features_new_to_Windows_8 Features new to Windows 8], Wikipedia
|-
+
* [http://computerforensics.champlain.edu/blog/windows-8-forensics Windows 8 Forensics - part 1]
|Dera Forensics Group
+
* [http://computerforensics.champlain.edu/blog/windows-8-forensics-part-2 Windows 8 Forensics - part 2]
|http://www.deraforensicgroup.com/courses.htm
+
* [http://computerforensics.champlain.edu/blog/windows-8-forensics-part-3 Windows 8 Forensics - part 3]
|-
+
* [http://propellerheadforensics.files.wordpress.com/2012/05/thomson_windows-8-forensic-guide2.pdf Windows 8 Forensic Guide], by [[Amanda Thomson|Amanda C. F. Thomson]], 2012
|e-fense Training
+
* [http://forensicfocus.com/Forums/viewtopic/t=9604/ Forensic Focus: Windows 8 Forensics - A First Look], [http://www.youtube.com/watch?v=uhCooEz9FQs&feature=youtu.be Presentation], [http://www.forensicfocus.com/downloads/windows-8-forensics-josh-brunty.pdf Slides], by [[Josh Brunty]], August 2012
|http://www.e-fense.com/training/index.php
+
* [http://dfstream.blogspot.ch/2013/03/windows-8-tracking-opened-photos.html Windows 8: Tracking Opened Photos], by [[Jason Hale]], March 8, 2013
|-
+
* [http://dfstream.blogspot.com/2013/09/windows-8-and-81-search-charm-history.html Windows 8 and 8.1: Search Charm History], by [[Jason Hale]], September 9, 2013
|Forward Discovery, Inc.
+
* [http://www.swiftforensics.com/2013/12/amcachehve-in-windows-8-goldmine-for.html Amcache.hve in Windows 8 - Goldmine for malware hunters], by Yogesh Khatri, December 4, 2013
|http://www.forwarddiscovery.com
+
* [http://www.swiftforensics.com/2013/12/amcachehve-part-2.html Amcache.hve - Part 2], by Yogesh Khatri, December 16, 2013
|-
+
 
|H-11 Digital Forensics
+
[[Category:Operating systems]]
|http://www.h11-digital-forensics.com/training/viewclasses.php
+
|-
+
|High Tech Crime Institute
+
|http://www.gohtci.com
+
|-
+
|Infosec Institute
+
|http://www.infosecinstitute.com/courses/security_training_courses.html
+
|-
+
|Intense School (a subsidiary of Infosec Institute)
+
|http://www.intenseschool.com/schedules
+
|-
+
|MD5 Group (Computer Forensics and E-Discovery courses)(Dallas, TX)
+
|http://www.md5group.com
+
|-
+
|Mile 2 (Security and Forensics Certification Training)
+
|https://www.mile2.com/mile2-online-estore/classess.html
+
|-
+
|Mobile Forensics, Inc
+
|http://mobileforensicsinc.com/
+
|-
+
|NetSecurity
+
|http://www.netsecurity.com/training/registration_schedule.html
+
|-
+
|NID Forensics Academy (Certified Digital Forensic Investigator - CDFI Program)
+
|http://www.nidforensics.com.br/
+
|-
+
|NTI (an Armor Forensics Company) APPEARS DEFUNCT
+
|http://www.forensics-intl.com/training.html
+
|-
+
|Security University
+
|http://www.securityuniversity.net/classes.php
+
|-
+
|Steganography Analysis and Research Center (SARC)
+
|http://www.sarc-wv.com/training
+
|-
+
|Sumuri, LLC - Mac, Mobile, iLook Training
+
|http://www.sumuri.com/index.php/features/training-and-events-calendar
+
|-
+
|SysAdmin, Audit, Network, Security Institute (SANS)
+
|http://computer-forensics.sans.org/courses/
+
|-
+
|Teel Technologies Mobile Device Forensics Training
+
|http://www.teeltech.com/tt3/training.asp
+
|-
+
|viaForensics Advanced Mobile Forensics Training
+
|http://viaforensics.com/education/calendar/
+
|-
+
|Zeidman Consulting (MCLE)
+
|http://www.zeidmanconsulting.com/speaking.htm
+
|-
+
|}
+

Latest revision as of 15:13, 16 December 2013

Initially Windows 8 had a workstation and server edition. The server edition became Windows Server 2012.

New Features

The following new features were introduced in Windows 8:

File System

The file system used by Windows 8 is primarily NTFS.

The Resilient File System (ReFS) was initially available in the Windows 8 server edition but became part of Windows 2012 server edition.

Jump Lists

Jump Lists are Task Bar artifacts that were first introduced on Windows 7 and are also available on Windows 8.

Prefetch

The prefetch hash function is similar to Windows 2008.

The Windows Prefetch File Format was changed on Windows 8.1 to version 26. (note this could be Windows 8 as well but has not been confirmed)

Registry

The Windows Registry remains a core component of the Windows operating system.

Application Experience and Compatibility

On Windows 8 Amcache.hve replaces RecentFileCache.bcf and uses the Windows NT Registry File (REGF) format. A common location for Amcache.hve is:

C:\Windows\AppCompat\Programs\Amcache.hve

See Also

External Links